https://transport.data.gouv.fr
Making passenger information accessible to everyone, everywhere in France, through open data.
Updated: about 1 hour ago
No information found in this category.
Scan Summary (listening services):

| Severity | Listening service | Vulnerabilities |
|---|---|---|
| | http (port:80) | |
| | tcpwrapped (port:179) | |
| | https (port:443) | |
| | socks (port:1080) | |
| | pvuniwien (port:1081) | |
| | ppp (port:3000) | |
| | ssh (port:5002) | |
| | amqp (port:5800) | |
| | unknown (port:5962) | |
| | tcpwrapped (port:9999) | |
Scan Summary (HTTP security headers):

| Impact | Description | Documentation |
|---|---|---|
| | Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src. | Doc Content Security Policy. The github.com/april/laboratory extension can generate the CSP for your application. |
| | Cookies set without using the Secure flag or set over HTTP | OWASP Session Management Cheat Sheet. |
| | HTTP Strict Transport Security (HSTS) header not implemented | Doc header Strict-Transport-Security (HSTS). |
| | X-XSS-Protection header not implemented | Doc header X-XSS-Protection. |
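As an added example (not code from transport.data.gouv.fr or from the scanners behind these tables), the Python below audits a server's response headers for exactly the issues reported above: the CSP rules quoted in the table (script-src with 'unsafe-inline' or data:, overly broad https: or * sources in script-src or object-src, or either directive left unrestricted), cookies without the Secure flag, and a missing or short-lived HSTS header; it also checks the hardening headers the matcher table further down lists as missing (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy). The two sample responses are constructed for illustration, not captured from the site. The six-month max-age threshold is the SSL Labs A+ requirement that explains the "grade capped to A" line below. X-XSS-Protection is deliberately not in the expected set: the browser XSS filter it controlled has been removed from Chromium and Edge and never existed in Firefox, so adding it buys nothing today.

```python
"""Audit HTTP response headers for the issues the tables on this page report.

Added example for this page; not code from transport.data.gouv.fr or from the
scanners that produced the tables. Sample responses below are constructed.
"""
import re

# Hardening headers the scanners on this page report as missing.
# Names are compared case-insensitively, as HTTP requires.
EXPECTED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
)

# SSL Labs only grants A+ when HSTS max-age is at least six months.
MIN_HSTS_MAX_AGE = 15552000  # 180 days in seconds


def parse_csp(value):
    """Split a CSP header into {directive: [source, ...]}; sources are lowercased
    (keywords such as 'unsafe-inline' and scheme sources are case-insensitive)."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = [src.lower() for src in parts[1:]]
    return policy


def csp_findings(value):
    """Apply the CSP rules quoted in the table: flag 'unsafe-inline', 'unsafe-eval'
    and data: in script-src, the broad sources * / https: / http: in script-src
    or object-src, and either directive left unrestricted."""
    policy = parse_csp(value)
    findings = []
    for directive in ("script-src", "object-src"):
        # Both directives fall back to default-src when absent.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive} not restricted")
            continue
        for broad in ("*", "https:", "http:"):
            if broad in sources:
                findings.append(f"{directive} allows overly broad source {broad}")
        if directive == "script-src":
            for risky in ("'unsafe-inline'", "'unsafe-eval'", "data:"):
                if risky in sources:
                    findings.append(f"script-src allows {risky}")
    return findings


def cookie_findings(set_cookie_values):
    """Flag every Set-Cookie header that lacks the Secure attribute."""
    findings = []
    for raw in set_cookie_values:
        name = raw.split("=", 1)[0].strip()
        attrs = {part.strip().lower() for part in raw.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name} set without Secure flag")
    return findings


def audit(headers):
    """headers: list of (name, value) pairs as the server sent them.
    A list rather than a dict, because Set-Cookie may legitimately repeat."""
    lowered = [(name.lower(), value) for name, value in headers]
    present = {name for name, _ in lowered}
    findings = [f"missing header {name}" for name in EXPECTED_HEADERS if name not in present]
    for name, value in lowered:
        if name == "content-security-policy":
            findings.extend(csp_findings(value))
        elif name == "strict-transport-security":
            match = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if match is None or int(match.group(1)) < MIN_HSTS_MAX_AGE:
                findings.append("strict-transport-security max-age below six months")
    findings.extend(cookie_findings([v for n, v in lowered if n == "set-cookie"]))
    return findings


# Constructed response modelled on the findings above (not captured from the site).
WEAK_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' https:"),
    ("Set-Cookie", "_session=abc123; Path=/; HttpOnly"),
]

# Constructed hardened equivalent: every finding above resolved.
HARDENED_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy",
     "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-Frame-Options", "DENY"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Permissions-Policy", "camera=(), microphone=(), geolocation=()"),
    ("Set-Cookie", "_session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    for label, response in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit(response) or ['no findings']}")
```

Running it reports eight findings for the weak response (five missing headers, the two script-src problems, the cookie) and none for the hardened one. The hardened CSP sets object-src 'none' explicitly rather than relying on default-src, which is what clears the "not restricting the sources for object-src" rule even when default-src is later loosened.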
Scan Summary (TLS):

Grade capped to A. HSTS is not offered.
Expiration: 19/04/2024
| Risk/Confidence | Name |
|---|---|
| | PII Disclosure |
| | CSP: Wildcard Directive |
| | CSP: script-src unsafe-eval |
| | CSP: script-src unsafe-inline |
| | Content Security Policy (CSP) Header Not Set |
| | Sub Resource Integrity Attribute Missing |
| | Application Error Disclosure |
| | Cross-Domain Misconfiguration |
| | Missing Anti-clickjacking Header |
| | Absence of Anti-CSRF Tokens |
| | CSP: Notices |
| | Strict-Transport-Security Header Not Set |
| | Application Error Disclosure |
| | Cookie Without Secure Flag |
| | Cross-Domain JavaScript Source File Inclusion |
| | Permissions Policy Header Not Set |
| | X-Content-Type-Options Header Missing |
| | Timestamp Disclosure - Unix |
| | Dangerous JS Functions |
| | Timestamp Disclosure - Unix |
| | Sec-Fetch-Dest Header is Missing |
| | Sec-Fetch-Mode Header is Missing |
| | Sec-Fetch-Site Header is Missing |
| | Sec-Fetch-User Header is Missing |
| | Base64 Disclosure |
| | Information Disclosure - Sensitive Information in URL |
| | Modern Web Application |
| | Non-Storable Content |
| | Session Management Response Identified |
| | Information Disclosure - Suspicious Comments |
| | Re-examine Cache-control Directives |
| | User Controllable HTML Element Attribute (Potential XSS) |
| Severity | Name | Matcher |
|---|---|---|
| | CAA Record | caa-fingerprint |
| | DNS DMARC - Detect | dmarc-detect |
| | MX Record Detection | mx-fingerprint |
| | DNS TXT Record Detected | txt-fingerprint |
| | NS Record Detection | nameserver-fingerprint |
| | HTTP Missing Security Headers | x-permitted-cross-domain-policies |
| | HTTP Missing Security Headers | clear-site-data |
| | HTTP Missing Security Headers | strict-transport-security |
| | HTTP Missing Security Headers | content-security-policy |
| | HTTP Missing Security Headers | permissions-policy |
| | HTTP Missing Security Headers | x-content-type-options |
| | HTTP Missing Security Headers | cross-origin-resource-policy |
| | HTTP Missing Security Headers | x-frame-options |
| | HTTP Missing Security Headers | referrer-policy |
| | HTTP Missing Security Headers | cross-origin-embedder-policy |
| | HTTP Missing Security Headers | cross-origin-opener-policy |
| | robots.txt endpoint prober | robots-txt-endpoint |
| | security.txt File | security-txt |
| | Detect SSL Certificate Issuer | ssl-issuer |
| | SSL DNS Names | ssl-dns-names |
| | TLS Version - Detect | tls-version |
No information found in this category.